Product
high
advisory
ClearFake, ACR Stealer, and GraphRunner Emerge as Significant Threats
2 rules 4 TTPs 2 IOCsThe Red Canary Intelligence Insights report for May 2026 highlights the rise of ClearFake, ACR Stealer, and GraphRunner, with ClearFake using JavaScript injection to deliver malware like ACR Stealer, and GraphRunner being abused for reconnaissance and data exfiltration via the Microsoft Graph API.
Entra ID +6
credential-theft
malware
oauth
2r
4t
2i
high
advisory
Zoom-themed Phishing Campaign Delivering ConnectWise ScreenConnect
2 rules 5 TTPs 4 IOCsA phishing campaign impersonates Zoom to trick users into downloading and installing ConnectWise ScreenConnect, a legitimate remote monitoring and management tool, allowing attackers to gain persistent remote access, harvest credentials, and deploy secondary malware such as ransomware.
Zoom +2
phishing
remote_access
social_engineering
screenconnect
2r
5t
4i